[THM][Note] Principles of Security[THM][Note]

https://tryhackme.com/room/principlesofsecurity

Task2

CAIはセキュリティにおいて非常に重要な基礎概念です。

情報セキュリティとはなにか説明しなさい。と言われた時に、「情報のCIAを保証すること」が回答となります。

What element of the CIA triad ensures that data cannot be altered by unauthorised people?

• CIAの中で、情報の完全性を保証しているのはどれ？

What element of the CIA triad ensures that data is available?

• CAIの中で、情報へアクセスを保証しているのはどれ？

What element of the CIA triad ensures that data is only accessed by authorised people?

• CIAの中で、情報へ機密性を保証しているのはどれ？

Task3

What does the acronym “PIM” stand for?

• 説明文をよく読む。

What does the acronym “PAM” stand for?

• 説明文をよく読む。

If you wanted to manage the privileges a system access role had, what methodology would you use?

• 機器によってはMAC（Mandatory Access Control）とも呼ばれます。

If you wanted to create a system role that is based on a users role/responsibilities with an organisation, what methodology is this?

• OSによっては、DAC（Directory Access Control＝Linux系OS）、RBAC（Role Base Access Control＝Windows系OS）とも呼ばれます。

Task4

What is the name of the model that uses the rule “can’t read up, can read down”?

• 説明文をよく読む。

What is the name of the model that uses the rule “can read up, can’t read down”?

• 説明文をよく読む。

If you were a military, what security model would you use?

• 上の情報がみれないモデルは？

If you were a software developer, what security model would the company perhaps use?

• 下の情報が見れないモデルは？

Task5

What model outlines “Spoofing”?

• 説明文をよく読む。

What does the acronym “IR” stand for?

• 説明文をよく読む。

You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?

• 説明文をよく読む。

An attacker has penetrated your organisation’s security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this? 

• 説明文をよく読む。